[TLS] draft-housley-evidence-extns-00 worse than key escrow



What has become obvious from the discussion so far is not only
that the draft-housley-evidence-extns-00 is absolutely useless
for purposes of creating receipts for internet online commerce,
its primary intention is to completely subvert the TLS protocol
in order to provide a means for law enforcement agencies to
collect evidence of thought-to-be private (tele)communications
for direct use in court, in a quality that will make it difficult
to impossible to deny/repudiate.

10 years ago, we thought that mandatory key escrow would be the worst
that could happen to computer security.  This proposal is worse by
a significant margin.

The obvious drawback of key escrow is that with the keys one can
not only reveal the protected communication, but also trivially
"fabricate" evidence, which would significantly impair/ruin the quality
of "wire-tapped" communications as (sole) evidence in court.

With the TLS evidence approach, requiring EAL6+ crypto hardware and
keystores on every telecommunication device and having them sign
the entire raw communication, the wire-tapped communication can not only be used
for intelligence purposes and further investigations leading to
real evidence, it can be used directly as evidence against either
or both of the unsuspecting and unconsenting communication peers.

For the usage scenario that Mark is looking at, the communication
peers are going to be an end user's telecommunications device on
one side and some network operator's phone switch on the other.
I don't know whether he's thinking of VoIP or the next generation
of mobile phones.

So the key on the "user's side" (plus a certificate by a
government-authorized CA) would likely be a requirement for the
device to access the phone switch, and it would first of all
identify the device and communications from this device,
rather than an actual user.  There is no intention to notify or
even ask for consent for a signed wire-tap evidence, of course.


-Martin
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls